Security Incidents mailing list archives

RE: Novarg - Stopping .Zip Files


From: jamesworld () intelligencia com
Date: Wed, 28 Jan 2004 13:12:51 -0600

Absolutely.

Cisco Security Agent

http://www.cisco.com/en/US/products/sw/secursw/ps5057/index.html

Let me know if you have more questions about it.

-James


At 10:53 01/28/2004, Tom Milliner wrote:

Could someone tell me if there is an IPS solution
which could be quickly programmed to stop .zip
files?  I wish we could have stopped .zip files long
enough for our anti-virus program to get its updates.

Tom Milliner, CPA, MCSE
Director of Information Services
Greater Dallas Assc of Realtors
8201 N. Stemmons Frwy
Dallas,  TX  75247
www.gdar.org
mail to: milliner () gdar org
(214) 540-2741


-----Original Message-----
From: sloppy seconds [mailto:beleguese () yahoo com]
Sent: Tuesday, January 27, 2004 10:32 PM
To: incidents () securityfocus com
Subject: Novarg

To all,

Yes, as many of you have noticed, Novarg is spreading
fast. I work for a large international corporation and
we have seen extensive infiltration. However, this
worm has not proved to be as "damaging" as some may
claim. The scary part is that our investment in AV
solutions (Trend, Symantec, et al...) has not
protected us. We are now reconsidering our stance on
allowing .ZIP files in Email.

We engineered our own cleaning utility hours before
our AV vendors even had signatures. Infecting lab
clients and using diff tools...etc

From a network perspective we are watching for the
supposed DOS against SCO.

We have had the outbreak under control just a few
hours after its inception.

Anyone care to contribute their experience?

Thanks,
Beleguese

